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APPENDIX B 
Version with Markings to Show Changes Made 
37 C.F.R. § 1.121(b)(iii) and (c)(ii) 

SPECIFICATION : 

Paragraph at page 5, line 8: 

In subsequent logons to the system, the present invention allows customers to re-identify 
themselves to see a forgotten ED, and to re- verify themselves so they can recreate a password if a 
password is forgotten. The present invention allows the customer to create answers to challenge 
questions that only the user should know the answer to. For example, a challenge question could 
be, "what model was your first car?". The answers to the challenge questions are stored in the 
system for future use if the user forgets his password. If the situation occurs that the user does 
forget his password, he is presented with the challenge questions to which he previously 
provided the answers. If the user successfully answers the challenge questions, he is allowed 
access to the system (and is allowed to change his password). 

Paragraph at page 6, line 1: 

The present invention is not limited to providing access to personal accounts and is 
equally applicable to business accounts. Business customers can use the system for online 
enrollment, fulfillment and ownership verification. This includes customers who want to see 
both personal and business accounts imder one ID and password. The business owner may be a 
sole proprietor (using a social security number), a business owner or partner (using a tax 
identification number (TIN)), or a multiple business owner (multiple TINs). Furthermore, the 
system allows a tiered authority structiu-e where an owner of an account can set up and authorize 
access to the same or lesser levels of authority to non-owners of the accoimts (e.g., spouses or 
employees). This allows set up and monitoring of sub- [IDS] IDs for consumers as well as 
businesses. 

Paragraph at page 6, line 17: 

The present invention provides ease of use by the customer since the customer does not 
need to duplicate work such as inputting his or her social security number, account nimiber, and 
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other personal or account information a number of different times to either sign up for access or 
to logon to see their accounts. The ability for the customer to use "self-service" sign up and 
logon failure procedures eliminates or minimizes customer and back office support for 
fulfilhnent (e.g., issuing IDs, passwords, and reissued passwords). The single sign on ID and 
password that allows access to all of the customer's accounts provides speed of fulfilhnent, ease 
of use and reduced customer support for issued or forgotten EDs and passwords. The ability for 
customers to see all of their accounts with one logon eases the customer experience and 
[enhance] enhances customer retention, as well as enhancing cross-sell and up-sell efforts. 

Paragraph at page 7, line 19: 

System 100 illustrates the system of the present invention that allows customers 110 to 
use a single sign on procedure to obtain access to a plurality of their accounts residing on the 
systems 192-196 for different hnes of business in the institution. Customers 110 use their 
workstations 1 10 to connect to system 100 through a commimication network 115. In a preferred 
embodiment, the network 1 15 is the public Internet, but can be any other communication 
connection such as a direct dial up line or a third party value add network. Customer 
workstations [100] HO are comprised of any platform capable of running an Intemet web 
browser or similar graphical user interface software. Examples of suitable web browsers include 
Microsoft's Intemet Explorer™ and Netscape's Communicator™. The platform for user 
workstations [100] llO can vary depending on the needs of its particular user and includes a 
desktop, laptop or handheld personal computer, personal digital assistant, web enabled cellular 
phone, web enabled television, or even a workstation coupled to a mainfi-ame computer. 

Paragraph at page 8, line 9: 

In the preferred embodiment, customer workstations 110 communicate with system 100 
using the Transmission Control Protocol/Internet Protocol (TCP/IP) upon which particular 
subsets of that protocol can be used to facilitate communications. Examples include the 
Hypertext Transfer Protocol (HTTP), data carrying Hypertext Mark-Up Language (HTML) web 
pages, Java and Active-X applets and File Transfer Protocol (FTP). Data connections between 
customer workstations 1 10 and data communication network 115 can be any knovm arrangement 
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for accessing a data communication network, such as dial-up Serial Line Interface 
Protocol/Point-to-Point Protocol (SLJP/PPP), Integrated Services Digital Network (ISDN), 
dedicated leased-line service, broadband (cable) access, Digital Subscriber Line (DSL), 
Asynchronous Transfer Mode (ATM), Frame Relay or other known access [technique] 
techniques . Web servers 120 are coupled to data communication network 115 in a similar 
fashion. However, it is preferred that the link between the web servers 120 and data 
communication network 1 15 be arranged such that access to web servers 120 is always available. 

Paragraph at page 10, line 26: 

Figure 2 illustrates an overview of the sign up and log on processes of the present 
invention. In step 200 a customer is presented with an up-front filter asking them to define 
themselves as a business, personal, both business and personal, or if they are not a customer. 
Prior to the customer continuing in the process, a warning is presented to the customer with 
respect to the dual signature limitation for business customers. Based on the self-selection, the 
customer is presented with an explanation in regard to the linking of personal and business 
accounts, the single signer requirement, and the necessity of signing up business accounts first. 

Paragraph at page 12, line 4: 

After creating the User ID and password, the customer is presented with the option to 
select challenge questions, which as described below, enables them to reset their passwords 
online, by themselves, in the event the customer forgets the password selected. In step 210, the 
customer is then presented with an online legal agreement that must be accepted prior to the 
customer continuing. The online legal agreement contains all of the terms and conditions of the 
customer's use of system 100. For those customers who were set up via the call center, this legal 
agreement is presented to them upon logging on for the first time. 

Paragraph at page 12, line 13: 

In step 215, the customer is shown all of his/her accounts (including business accounts if 
applicable) that he/she has with the institution. The accoimt information is presented to the 
customer based on data contained in the customer's GIF profile. After the accounts have been 
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presented to the customer, the customer is given the option to view these accounts using system 
100. In addition to the accounts the customer can view, the customer [is the customer] is shown 
all services (e.g., tax, payroll, wire transfer, and electronic billing services) in which the customer 
is able to participate. 

Paragraph at page 14, line 21: 

Each of the identification screens prompt the user for information sufficient to retrieve 
the customer's information fi:'om the CEF. This information includes the Social Security Number 
(SSN) for access to personal accounts, the Taxpayer Identification Number (TIN) for access to 
business accounts, the customer's account number and account type, the user's first and last 
name and email address. The email address portion of the input screen for identification also has 
a check box to allow users to opt-in for marketing email messages. 

Paragraph at page 16, line 12: 

In step 310, the user is prompted to Create a user ID, a password and challenge questions. 
Regardless of whether the user is identified on the CIF, the user is allowed to create an ID and 
password that are added to the database of system 100. Prospects (users without current 
accounts) are allowed to establish a user ID and password in order to facilitate Sign Up at a later 
time or to access non-accoimt features, such as saving data to a calculator or application or 
personalizing a financial utility page. The user is created in the system by adding the ID, 
password and email address to the database. If the user has been identified as a customer with 
current accounts, the customer's CIF number is also stored in the database with the ID and 
password. [.] 

Paragraph at page 16, line 23: 

At this point in the sign up process, the user is also prompted to select and answer 
challenge questions. These challenge questions replace the prior art method of re-verifying using 
account information. The user selects one question fi'om each of three drop down [list] lists and 
completes the answers. Users that have passed the CIF match (i.e. customers) have the option to 
opt-out of challenges. If they choose to do so, they will not be able to re-verify online and create 
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a new password. They would have go through the customer service center of the institution and 
a new password is mailed to them. As previously described, the challenge questions are personal 
in nature, of a type that only the user would be able to answer them (e.g., what was your first 
grade teacher's name). 

Paragraph at page 17, line 16: 

In step 315, the user is presented with the legal agreement governing the user's access to 
system 100. All users creating a user ED and password have to accept the legal agreement. This 
is equally true for prospects and customers that have both passed or failed the GIF match. Since 
these users will have other fimctionaUty at the site, they all need to accept the legal agreement. 
The user is presented with the legal agreement and has the option to select "I Agree" or "I 
Disagree" or "Print". If the user rejects the disclosure, she is notified that she cannot continued 
with the sign up process and is presented with the option to view it again. If the user accepts the 
disclosure, the sign up process continues. 

Paragraph at page 17, line 26: 

After the user accepts the legal agreement, there is a decision point before proceeding to 
the next step. If the customer was coming from a process other than signing up for account 
access, the user will be prompted to Log On [(see below)]. After successfiiUy logging on, the 
user is returned to the process that brought him to Sign^Up. If the user is signing up for account 
access, the user will continue with show/hide fimctionality. 

Paragraph at page 20, line 2: 

Verification according to the present invention is different from the prior art 
authentication for several reasons. First, some of the prior art verification questions are not 
applicable to the Intemet channel or to the "self-service" methods of the present invention. For 
example, a question related to a "a recent transaction" cannot be prompted and verified by a 
system such as system 100 in real time. The verification questions of the present invention relate 
to access to accoimts via the Intemet Channel, and are not related to a global name or address 
change. 
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Paragraph at page 20, line 18: 

Of the products the customer has chosen to activate online during the select account 
process (step 320 of Fig. 3), an account of the "highest" product type on the hierarchy is [be] 
chosen to verify against. If multiple accounts of this product type have been selected, the system 
performs the following logic to determine which account to use for product-level verification. If 
the product type for verification is the same type that the user identified himself with during sign 
up/identification, the account number chosen during identification is used. If the product type 
was not used for identification, then the first accoimt retumed on the list is used. 

Paragraph at page 20, line 26: 

In step 400 it is determined if the authentication level for the current product/account 
selected is greater than the current level of verification performed by the user. If it is not, the 
process proceeds to step 425 in which the user is confirmed for the present level of verification. 
In a preferred embodiment of the present invention the hierarchy implemented for personal 
customers opposed to business customers[)] is: Credit Card; Checking/MMA (excluding IRA 
MMA); Savings/IRA MMA/IRA Savings; CD/IRA CD; Overdraft Line of Credit; Investments; 
and Mortgage. The customer's SSN is not used for verification of a product since the user has 
already entered it during the Sign Up/ Identification process. If a higher level of verification is 
required, the system in step 405 checks to see if there is a complete record for the account in the 
database of system 100. If there is not a complete record, an error message is generated in step 
407 

Paragraph at page 22, line 11: 

The following are some examples of the verification questions required for access to 
specific accounts. For credit card products, it is required that the user enter the trailing 4 digits 
for all of the accounts they are selecting to "show". If the user incorrectly enters the trailing 
digits for the account being used for verification, then, after three attempts, the user fails 
verification altogether. However, if the user incorrectly enter the trailing 4 digits for an accoimt 
not being used for verification, then the user just does not have online access to that account. In 
addition to the account number, the user will be prompted to answer questions related to the 
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following: Mother*s Maiden Name; the C W/C2 number printed on the reverse side of the 
physical credit card; Date of Birth; and Home Phone Number. 

Paragraph at page 24, line 3: 

The verification of ownership processes for online access for Small Business customers is 
dependent on whether or not the customer has a deposit product in their profile. As with 
personal authentication, if a business customer verifies or correctly [answer] answers questions 
for a particular product, they are automatically verified for each of the products below it in the 
hierarchy. Verification requirements for Small Business customers differs from that for Personal 
customers. Products available for online access are Checking, MMA, Savings, CD, Credit Card, 
Revolving credit products and hivestments. As a rule, a business customer must either verify 
ownership against a deposit account or an investment accoimt. In a preferred embodiment, small 
business customers will not be able to verify against any other accounts. In the preferred 
embodiment, the verification hierarchy for small businesses is as follows: Checking/MMA; 
Savings; CD; and Investments. 

Paragraph at page 24, line 20: 

Although described briefly before, the follow generally describes the log on process. 
When a user logs on, several scenarios exist based on varying ID and password combinations [in 
put] inputted by the user such as valid ID/invalid password, invalid ID/invalid password, etc. 
Although each of these scenarios are a bit different, it has been leamed that if the scenarios are 
treated differently, the system 100 will reveal information regarding a "hit" on a vaUd ID, as well 
as information regarding the security and authentication logic and User ID status within the 
system. To ensure that system 100 does not leak any such information, all scenarios with regard 
to invalid ED/PW combinations are treated identical. The customer has the ability to click on a 
"Having Trouble?" link and be presented with Help options (that is, contact customer support or 
re-authenticate online options). 
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